Period for Reply



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 20 April 2005.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-34 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-34 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [X] The drawing(s) filed on 24 March 2004 is/are: a) [X] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received. 
DETAILED ACTION
Continued Examination Under 37 CFR 1.114 

1. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 20 April 
2005 has been entered. 

2. In an Examiner's amendment, claims 1, 7, 13, 18, 22, and 26 have been 
amended and claims 32-34 have been cancelled. Claims 1-31 have been examined. 

3. The Examiner held an interview with Attorney Lance Sadler on 5 July 2005 in 
which it was agreed to place the application in allowance by an Examiner's amendment. 
Upon further consideration, however, additional rejections are being made; the 
Examiner left a phone message with Attorney Sadler on 14 July 2005, attempting to 
arrange a supplemental interview, but the message has not been returned. The 
Examiner's amendment that was agreed upon is therefore not being entered, as it 
would not bring the Application into a state of Allowability. 
Claim Objections

4. Claim 33 is objected to under 37 CFR 1.75(c), as being of improper dependent
form for failing to further limit the subject matter of a previous claim. Applicant is 
required to cancel the claim(s), or amend the claim(s) to place the claim(s) in proper 
dependent form, or rewrite the claim(s) in independent form. The limitation recited in 
claim 33 is wholly encompassed in the first limitation of parent claim 1. For purposes of
the prior art search, this claim stands or falls with claim 1.

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows:

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

5. Claims 26-31 are rejected under 35 U.S.C. 101 because the claimed invention 
lacks patentable utility. The claimed invention teaches solely to nonfunctional 
descriptive material. See MPEP § 2106(A).

6. Claim 32 is rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. The claimed invention constitutes
non-functional descriptive material.
Claim Rejections - 35 USC § 112

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

7. Claims 1-17, 22-31, and 33 are rejected under 35 U.S.C. 112, second paragraph, 
as being indefinite for failing to particularly point out and distinctly claim the subject 
matter which applicant regards as the invention. 

Regarding claims 1, 7, 13, 22, and 26, the term "...content that is designed to 
constitute..." renders the claims indefinite because it makes it unclear as to whether
the content must actually be one of the enumerated types of attack patterns. For
purposes of the prior art search, it is being presumed that the pattern being searched for is
in fact one of the listed types of patterns.

Claims 2-6, 8-12, 14-17, 23-25, 27-31, and 33 depend from rejected claims 1, 7, 
13, 22, and 26 and include all the limitations of those claims, thereby rendering those 
dependent claims indefinite. 

Not only is it not clear what kind of content would be "designed to constitute" an 
attack pattern, but one might also read the limitation as demanding that the invention 
not only be able to detect a possible threat, but also to be able to deduce the ulterior 
motives of the string's author. It is suggested that the term "designed to constitute" be 
replaced by a term whereby a determination has been made by the claimed invention 
that a particular string simply is an attack pattern. As an example, Applicant might
consider rewriting the first limitation of claim 1 as follows: 

"determining an attack pattern that can be used to attack a Web server, the 
attack pattern comprising content that is determined as constituting one or more of..." 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this
title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act 
of 1999 (AIPA) and the Intellectual Property and High Technology Technical 
Amendments Act of 2002 do not apply when the reference is a U.S. patent resulting 
directly or indirectly from an international application filed before November 29, 2000. 
Therefore, the prior art date of the reference is determined under 35 U.S.C. 102(e) prior 
to the amendment by the AIPA (pre-AIPA 35 U.S.C. 102(e)).

8. Claims 32 and 34 are rejected under 35 U.S.C. 102(e) as being anticipated by 
U.S. Patent No. 5,884,033 to Duvall et al. 
As per claim 32, Duvall defines a plurality of unwanted input strings to be filtered
(see column 3, line 64 to column 4, line 11), a search pattern that permits variability, can
search a portion of the string, and has wildcard characters (see column 6, lines 28-42),
receives an input string on a web server (see column 8, lines 18-27), evaluates 
(screens) the strings, and takes remedial action if necessary, including denying the 
request (see column 6, line 60 to column 7, line 13). The patterns described in Duvall 
(see column 6, lines 35-42) constitute a regular expression. 

Regarding claim 34, the program is loaded into a computer running an operating 
system such as Windows 95; this can only be done if the program is retrieved from a 
computer-readable medium (see column 10, line 64 to column 11, line 20). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claims 1-11 and 13-30, and 33 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over U.S. Patent No. 5,884,033 to Duvall et al. in view of U.S. Patent No.
6,421,781 to Fox et al.
Regarding claims 1, 2, 6, 18, and 33, Duvall defines a plurality of unwanted input
strings to be filtered (see column 3, line 64 to column 4, line 11), a search pattern that
permits variability, can search a portion of the string, and has wildcard characters (see
column 6, lines 28-42), receives an input string on a web server (see column 8, lines
18-27), evaluates the strings, and takes remedial action if necessary, including denying the
request (see column 6, line 60 to column 7, line 13).

Duvall only discloses the use of the invention for the filtering of URL's that are 
related to material that is objectionable, depending upon the user's tastes and 
sensitivities (see column 2, lines 12-20). The filtering of attacks on a system, such as a 
disclosure attack, integrity attack, or a denial of service attack, is not disclosed. 

Fox discloses the parsing and checking of an incoming URL against a list of
acceptable domains and variations thereof, and notes that this protects against
denial-of-service attacks (see column 11, line 15 to column 14, line 4).

Therefore it would have been obvious to one of ordinary skill in the art at the time
the invention was made to use the invention of Duvall by checking a URL against
domain names, as disclosed by Fox, in order to protect against abusive
denial-of-service attacks.

As per claims 3 and 19, the patterns described in Duvall (see column 6, lines
35-42) constitute a regular expression.

As per claims 4 and 20, Duvall discloses that the input string may be a URL (see 
column 5, lines 66-67). 
As per claims 5 and 21, Duvall discloses that the input string may be an HTTP
verb request, such as a GET request (see column 6, lines 19-25). 

As per claims 7-10, 13-16, 26, 27, 29, and 30, Duvall discloses that the search 
patterns may be stored in RAM (see column 3, lines 45-49). 

As per claim 11, Duvall discloses that the product may be patched onto an
application that is already running (see column 9, line 14 to column 11, line 20).

As per claims 17 and 22-25, the program is stored in a public directory (on a 
disk) before being installed (see column 10, lines 64-66). 

As per claim 28, the list of patterns may be edited (see column 8, lines 1-9). 

10. It is noted that no art has thus far been found that, in combination with Duvall,
would suggest the detection of integrity or disclosure attacks. 

11. Claims 12 and 31 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over U.S. Patent No. 5,884,033 to Duvall et al. in view of U.S. Patent No. 6,421,781 to
Fox et al. as applied to claims 7 and 26 above, and further in view of Oliver et al.,
"Building a Windows NT 4 Internet Server," 1996, p. 203.

Duvall discloses that the system may be implemented on a server and that it uses
an API (see column 10, lines 59-63), but Duvall and Fox do not specifically disclose that 
it uses ISAPI. 

Oliver states that ISAPI (which stands for Internet Server API), which is an API 
native to the Microsoft® Internet Information Server, allows programmers to create 
server applications that take advantage of the web server and is tightly linked to the
operating system. 

Therefore, it would have been obvious to one having ordinary skill in the art at 
the time the invention was made to implement the system of Duvall and Fox by using a 
reliable and well-supported API such as the Microsoft® ISAPI, as disclosed in Oliver, 
when implementing the system disclosed by Duvall and Fox on a Windows NT server. 

Response to Arguments 

12. Applicant's arguments filed 20 April 2005 with respect to the rejections under 35
U.S.C. 101; 35 U.S.C. 112, second paragraph; 35 U.S.C. 102; and 35 U.S.C. 103 have 
been fully considered but they are not persuasive. 

13. Regarding the rejection of claim 32 under 35 U.S.C. 101, though Applicant's
specification includes a computer-implemented embodiment of the claimed method, 
there is nothing in the claim as recited that either explicitly or implicitly requires tangible 
matter or a tangible result. The claim is therefore non-statutory. 

14. Regarding the rejections under 35 U.S.C. 112, second paragraph, please refer to 
the further discussion of the grounds of rejection, above. 
15. In response to applicant's argument with respect to the rejections under 35
U.S.C. 102, as has been previously noted, in view of the specification of the instant
application, attack patterns can only be defined as being undesired strings that are 
intended for the web server. Although the specification of the instant application 
discloses several different kinds of attack patterns, those teachings cannot be viewed 
as limitations. All types of such strings that are claimed (URL's and http verb requests) 
are anticipated by Duvall. 

The mechanism by which such strings are screened out disclosed by Duvall 
anticipates all of the claimed limitations. Duvall processes strings in the claimed 
manner; applicant's alleged difference is in the subjective intent of the creator of the 
strings rather than in the content or processing of the strings. 

16. In response to applicant's argument with respect to the rejections under 35 
U.S.C. 103 that there is no suggestion to combine the references, the examiner 
recognizes that obviousness can only be established by combining or modifying the 
teachings of the prior art to produce the claimed invention where there is some 
teaching, suggestion, or motivation to do so found either in the references themselves 
or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 
837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and In re Jones, 958 F.2d 347, 21 
USPQ2d 1941 (Fed. Cir. 1992). 

Regarding claims 1 and 18, Duvall discloses all of the limitations of the claimed 
invention, save for the use of the invention for screening URLs for particular kinds of 
attacks. Applicant is also reminded that Duvall does disclose a server-side application,
and provides for the use of variable strings. Fox discloses such an application and the
motivation is sufficient to suggest to one skilled in the art to attempt to use Duvall's
mechanism for detecting denial-of-service attacks. It is not necessary to modify Duvall's 
invention for the teachings of Fox beyond this suggested use. A prima facie case thus 
exists and the rejections are therefore proper. 

Regarding Applicant's argument that the invention of Fox is being used as 
motivation in and of itself, it is noted that Fox describes denial-of-service attacks as 
being an abuse. The combination of Duvall's and Fox's invention serves to combat 
denial-of-service attacks, as claimed. 

Regarding Applicant's arguments with regard to the rejection of claims 7, 13, 22, 
and 26, the grounds of rejection are presented jointly with numerous other claims, 
including claim 1. All of the limitations not specifically discussed with respect to claims
7, 13, 22, and 26 are previously discussed with respect to other claims, and are not 
repeated for the sake of brevity. 



Conclusion 

17. Due to the presentation of new grounds of rejection, this action is non-final. 

18. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Matthew E. Heneghan, whose telephone number is 
(571) 272-3834. The examiner can normally be reached on Monday-Friday from 8:30
AM - 4:30 PM Eastern Time. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse, can be reached at (571) 272-3838. 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
P.O. Box 1450 
Alexandria, VA 22313-1450 
Or faxed to: 

(571) 273-3800



Any inquiry of a general nature or relating to the status of this application or
proceeding should be directed to the receptionist whose telephone number is (571) 272-2100.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for
published applications may be obtained from either Private PAIR or Public PAIR.
Status information for unpublished applications is available through Private PAIR only.
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should
you have questions on access to the Private PAIR system, contact the Electronic
Business Center (EBC) at 866-217-9197 (toll-free).



MEH 





July 20, 2005 




